Update 5/2/2019: The Now team added some better documentation around caching static assets.

As of early January 2019, Now 2.0 is still young, and so is the documentation. It’s moving quickly and…

The event-stream package had a major vulnerability. The malicious code was actually found in version 0.1.1 of flatmap-stream, but event-stream was the true source of the issue as it’s a popular package and introduced flatmap-stream in version 3.3.6 as part of the hack.